BIG-IP Report
Problem this snippet solves:
Overview
This is a script which will generate a report of the BIG-IP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.
This information is used to relay information to NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.
The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.
It's easy to setup and use and only requires auditor (read-only) permissions on your devices.
Demo/Preview
Interactive demo
http://loadbalancing.se/bigipreportdemo/
Screen shots
The main report:
The device overview:
Certificate details:
How to use this snippet:
Installation instructions
BigipReport REST
This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).
- Downloads:
https://loadbalancing.se/downloads/bigipreport-v5.7.13.zip - Documentation, installation instructions and troubleshooting: https://loadbalancing.se/bigipreport-rest/
Docker support
https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/
Kubernetes support
https://loadbalancing.se/2021/04/16/bigipreport-on-kubernetes/
BIG-IP Report (Legacy)
Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5)
BIG-IP Report (only download this if you have v10 devices):
https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip
iControl Snapin
https://loadbalancing.se/downloads/f5-icontrol.zip
Documentation and Installation Instructions
https://loadbalancing.se/bigip-report/
Upgrade instructions
Protect the report using APM and active directory
Written by DevCentral member Shann_P:
https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/
Got issues/problems/feedback?
Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated.
---
Join us on Discord: https://discord.gg/7JJvPMYahA
Code :
BigIP Report
Tested this on version:
12, 13, 14, 15, 16
Perhaps it's a SOAP/REST difference?
Good guess! It is. SOAP got more permissions with a read-only role than REST does.
It's a read only account. I'm only using one traffic group on that F5.
Could you please send me the results from this REST endpoint from both devices?
curl -sku admin:password https://<F5-management>/mgmt/tm/cm/failover-status
Please go ahead and clean the output from sensitive information (if any) before posting. 🙂
In case you haven't worked with the REST API you'll literally need the admin user in order to use basic auth. Otherwise you'd need to a token in order to get the info with a "normal" user. You can check out the authentication troubleshooting in this article to see how to get a token:
- DelbruggeNimbostratus
I get an authorization error when trying to use the token from the read-only account to query the failover status, but get no error and the expected results when using an admin account. I adjust the permissions of this account and get back.
New version out!
Changes
TLDR;
Added buttons to copy the monitor tests instead of the tooltip versionBunch of other things has happened under the hood:
* Refactored the monitor send string functions * Added unit tests for monitor send string functions
* Added Cypress for integration testing * Refactored and added types for a bunch of functions * Transpiling via Webpack to: - Allow browser friendly module handling while unit tests are still working - Bundling all our code into one bundle instead of multiple filesThe main reason for the changes above are for us to be able to protect the project against regression errors and ensure that the code quality reaching the end users is good enough.
For those making local changes, please note that the way the js-src is built has been changed. The contribution guide article has been updated accordingly.
DockerHub update
BigIPReport was approved as an Open source project by Dockerhub but upon enrolling the account used to host the Docker images the process got stuck. My contact stopped replying and after multiple reminders and a few months I have now re-submitted the application. Until then I'll keep paying from my own pocket.
The k8s data-collector used to gather data for the report has been pulled over 3500 times so I am guessing at least a few people are using the builds.
Manual installations: https://loadbalancing.se/downloads/bigipreport-v5.6.5.zip
Kubernetes: bigipreport/data-collector-k8s:v5.6.5v5.6.6-beta has been released
- Added much stricter linting rules
- Added parameter typing to almost all functions
- Added prettier for a more consistent code style
- Handling Virtual server masks with value any6
- Graceful handling of policy processing for optional attributes
I will not publish this version as stable as there's way too much code refactoring. However, if you want to help, please go ahead and download it from here:
https://loadbalancing.se/downloads/bigipreport-v5.6.6-beta.zip
There is also a (half-baked) docker-compose example of how to run the data-collector here:
https://github.com/epacke/bigipreport-docker-exampleWorking on a video guide on how to get started but my right arm is still not recovered from being broken so it's a bit slow. 🙂
A user reported that there are issues with the live polling function in v5.6.6. Last version it worked on seems to be v5.6.1. If you use this function I'd advise to wait with an upgrade.
Fix can be tracked here:
https://github.com/net-utilities/BigIPReport/issues/104Found more bugs or want features? Join us on Discord:
https://discord.gg/RzmjgneWPolling function has been fixed in v5.6.7-beta together with bug fix from Tim related to the ASM policy indexing.
You can download it here (or pull from DockerHub):
https://loadbalancing.se/downloads/bigipreport-v5.6.7-beta.zipFound more bugs or want features? Join us on Discord:
https://discord.gg/RzmjgneWWould appreciate some feedback. If you run version above v5.5.0 and use an F5 in front of it, could you please try this iRule? It makes the web server serve the Brotli compressed files instead of the Json files and it should accelerate the loading times quite a lot. Would be interesting to hear load times before and after:
when HTTP_REQUEST { set has_replaced 0 if { [HTTP::header Accept-Encoding] contains "br" && [HTTP::uri] ends_with ".json" && [HTTP::uri] ne "/json/knowndevices.json" } { HTTP::uri "[HTTP::uri].br" set has_replaced 1 } } when HTTP_RESPONSE { if { $has_replaced } { HTTP::header replace "Content-Encoding" "br" } }
If it works well we can include it in the repository and installation instructions.
Small fix released in v5.6.8 where the public IP information was shown even when there are no NAT file configured.
Can be downloaded from here:
https://loadbalancing.se/downloads/bigipreport-v5.6.8-beta.zipThanks to Tim for the fix!
/Patrik
Update regarding Brotli support
If you do not know what Brotli is you can look at it as a much more efficient way to compress css, json and javascript files. It's a bit slower to compress but on the upshot it's much smaller and using it will speed up the BigIPReport application delivery significantly. The last week we've been focusing on making it easier for people to use Brotli with their BigIPReport installations by creating server templates for different web server vendors.
For those with larger BigIPReport installations I'd really really recommend checking this out. It pretty easy and the gain is high.
Before you start though, please note that the report must run over HTTPS for Brotli to be supported!
Docker/Kubernetes
I've now fixed the nginx configuration in the frontend containers. Pull bigipreport/frontend:v5.6.8 or latest to use the fix. Make sure to empty your cache if you use the tag :latest (not recommended to use this tag btw).
F5 iRules
For those serving BigIPReport via an F5 you can grab an iRule which will do the necessary rewrites to use Brotli. The iRule can be found here:
https://github.com/net-utilities/BigIPReport/blob/master/other/ServeBrotliViaF5/serve-brotli.tclIIS
Still stuck with an old Windows installation? First I'd recommend moving to a Linux based installation instead. If this is not possible Tim has been so kind as to share his IIS web.config here:
https://github.com/net-utilities/BigIPReport/blob/master/other/iis/web.configApache
For those that uses Apache our superstar Tim has yet again delivered. You can find the Apache config here:
https://github.com/net-utilities/BigIPReport/blob/master/other/apache/brotli.confNginx
If you prefer to run your own Nginx server you can check out the file used in the frontend container:
https://github.com/net-utilities/BigIPReport-Docker/blob/master/frontend/default.confDouble checking that it works
Using curl this is easy enough. Just run the command below and look for "content-encoding: br":
curl -I -H "Accept-Encoding: br" https://bigipreport.xip.se/json/pools.json HTTP/2 200 server: istio-envoy date: Wed, 11 May 2022 20:59:36 GMT content-type: application/json content-length: 709 last-modified: Wed, 11 May 2022 20:58:19 GMT etag: "627c236b-2c5" content-encoding: br vary: Accept-Encoding accept-ranges: bytes x-envoy-upstream-service-time: 0
You can also double check this by opening up the developer tools of Chrome, head over to the Network tab and refresh your BigIPReport page. If Brotli is used as it should you should see "content-encoding: br" in the response headers. See the screenshot below:
If you run into trouble, please go ahead and head over to our Discord channel:
https://discord.gg/fwEaT7RfHave a good one!